====================================== | [ 2253.748922][T18522] ------------[ cut here ]------------ | [ 2253.749235][T18522] rcuref - imbalanced put() | [ 2253.749237][T18522] WARNING: lib/rcuref.c:266 at 0x0, CPU#3: mausezahn/18522 | [ 2253.749985][T18522] Modules linked in: netdevsim ipt_rpfilter act_mirred cls_matchall ip6_gre gre pktgen drop_monitor nft_chain_nat xt_nat nft_compat nf_tables cls_bpf openvswitch psample nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nsh act_gact cls_flower sch_ingress vxlan [last unloaded: netdevsim] [ 2253.751057][T18522] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 2253.751246][T18522] RIP: 0010:rcuref_put_slowpath (lib/rcuref.c:266 (discriminator 4)) [ 2253.751439][T18522] Code: c0 03 38 d0 7c 04 84 d2 75 6a c7 03 00 00 00 a0 31 c0 eb 8f 48 8d 7c 24 20 e8 3b c4 9a ff e9 6e ff ff ff 48 8d 3d 6f fd 40 03 <67> 48 0f b9 3a be 04 00 00 00 48 89 df e8 0d c9 9a ff 48 89 d8 48 All code ======== 0: c0 03 38 rolb $0x38,(%rbx) 3: d0 7c 04 84 sarb $1,-0x7c(%rsp,%rax,1) 7: d2 75 6a shlb %cl,0x6a(%rbp) a: c7 03 00 00 00 a0 movl $0xa0000000,(%rbx) 10: 31 c0 xor %eax,%eax 12: eb 8f jmp 0xffffffffffffffa3 14: 48 8d 7c 24 20 lea 0x20(%rsp),%rdi 19: e8 3b c4 9a ff call 0xffffffffff9ac459 1e: e9 6e ff ff ff jmp 0xffffffffffffff91 23: 48 8d 3d 6f fd 40 03 lea 0x340fd6f(%rip),%rdi # 0x340fd99 2a:* 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2f: be 04 00 00 00 mov $0x4,%esi 34: 48 89 df mov %rbx,%rdi 37: e8 0d c9 9a ff call 0xffffffffff9ac949 3c: 48 89 d8 mov %rbx,%rax 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 67 48 0f b9 3a ud1 (%edx),%rdi 5: be 04 00 00 00 mov $0x4,%esi a: 48 89 df mov %rbx,%rdi d: e8 0d c9 9a ff call 0xffffffffff9ac91f 12: 48 89 d8 mov %rbx,%rax 15: 48 rex.W [ 2253.751968][T18522] RSP: 0018:ffa00000024e7320 EFLAGS: 00010206 [ 2253.752155][T18522] RAX: 0000000000000000 RBX: ff1100000cdea980 RCX: 0000000000000001 [ 2253.752376][T18522] RDX: 0000000000000001 RSI: 00000000dfffffff RDI: ffffffff968e0e20 [ 2253.752618][T18522] RBP: dffffc0000000000 R08: ffffffff940dc159 R09: ffe21c00019bd530 [ 2253.752842][T18522] R10: ffe21c00019bd531 R11: 0000000000000001 R12: ff1100000cdea940 [ 2253.753063][T18522] R13: 1ff400000049ce64 R14: ff1100000cdeb840 R15: ff110000153f3480 [ 2253.753283][T18522] FS: 00007f9cd35e6c40(0000) GS:ff110000d518b000(0000) knlGS:0000000000000000 [ 2253.753542][T18522] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2253.753727][T18522] CR2: 00007ffc3f20c0f8 CR3: 0000000016f94006 CR4: 0000000000771ef0 [ 2253.753946][T18522] PKRU: 55555554 [ 2253.754057][T18522] Call Trace: [ 2253.754168][T18522] [ 2253.754243][T18522] ? rcuref_get_slowpath (lib/rcuref.c:238) [ 2253.754390][T18522] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 2253.754541][T18522] dst_release (./include/linux/rcuref.h:117 ./include/linux/rcuref.h:173 net/core/dst.c:167) [ 2253.754655][T18522] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:455) [ 2253.754799][T18522] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:455) [ 2253.754943][T18522] rt_cache_route (net/ipv4/route.c:1518) [ 2253.755091][T18522] rt_set_nexthop.isra.0 (net/ipv4/route.c:1622 (discriminator 1)) [ 2253.755236][T18522] __mkroute_output (./include/net/lwtunnel.h:140 net/ipv4/route.c:2682) [ 2253.755384][T18522] ip_route_output_key_hash (net/ipv4/route.c:2705) [ 2253.755532][T18522] ? ip_route_output_key_hash_rcu (net/ipv4/route.c:2693) [ 2253.755715][T18522] ? mark_held_locks (kernel/locking/lockdep.c:4325 (discriminator 1)) [ 2253.755861][T18522] ? __lock_release.isra.0 (kernel/locking/lockdep.c:5536) [ 2253.756006][T18522] ip_route_output_flow (net/ipv4/route.c:2934 (discriminator 1)) [ 2253.756152][T18522] ? __asan_memset (mm/kasan/shadow.c:84 (discriminator 2)) [ 2253.756297][T18522] udp_tunnel_dst_lookup (net/ipv4/udp_tunnel_core.c:261 (discriminator 1)) [ 2253.756445][T18522] ? udp_tunnel_sock_release (net/ipv4/udp_tunnel_core.c:237) [ 2253.756594][T18522] ? vxlan_xmit_one (./include/linux/rcupdate.h:331 (discriminator 1) ./include/linux/rcupdate.h:867 (discriminator 1) drivers/net/vxlan/vxlan_core.c:2455 (discriminator 1)) vxlan [ 2253.756748][T18522] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 2253.756894][T18522] vxlan_xmit_one (drivers/net/vxlan/vxlan_core.c:2472 (discriminator 4)) vxlan [ 2253.757041][T18522] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24 (discriminator 3)) [ 2253.757197][T18522] ? vxlan_fdb_delete (drivers/net/vxlan/vxlan_core.c:2337) vxlan [ 2253.757343][T18522] ? rcu_read_lock_any_held (kernel/rcu/update.c:386 (discriminator 1) kernel/rcu/update.c:380 (discriminator 1)) [ 2253.757492][T18522] ? vxlan_find_mac_rcu (./include/linux/rhashtable.h:632 (discriminator 4) ./include/linux/rhashtable.h:670 (discriminator 4) drivers/net/vxlan/vxlan_core.c:392 (discriminator 4)) vxlan [ 2253.757679][T18522] ? vxlan_find_sock (drivers/net/vxlan/vxlan_core.c:382) vxlan [ 2253.757822][T18522] ? rcu_is_watching (./include/linux/context_tracking.h:128 (discriminator 1) kernel/rcu/tree.c:751 (discriminator 1)) [ 2253.757967][T18522] ? vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan [ 2253.758109][T18522] vxlan_xmit (drivers/net/vxlan/vxlan_core.c:2829) vxlan [ 2253.758259][T18522] dev_hard_start_xmit (./include/linux/netdevice.h:5272 ./include/linux/netdevice.h:5281 net/core/dev.c:3853 net/core/dev.c:3869) [ 2253.758406][T18522] __dev_queue_xmit (net/core/dev.h:381 net/core/dev.c:4818) [ 2253.758556][T18522] ? _copy_from_iter (./arch/x86/include/asm/smap.h:47 ./arch/x86/include/asm/uaccess_64.h:121 ./arch/x86/include/asm/uaccess_64.h:141 lib/iov_iter.c:67 ./include/linux/iov_iter.h:30 ./include/linux/iov_iter.h:302 ./include/linux/iov_iter.h:330 lib/iov_iter.c:261 lib/iov_iter.c:272) [ 2253.758703][T18522] ? __alloc_skb (./include/linux/bottom_half.h:20 (discriminator 1) net/core/skbuff.c:672 (discriminator 1)) [ 2253.758847][T18522] ? napi_skb_cache_get (net/core/skbuff.c:650) [ 2253.758991][T18522] ? _copy_from_iter_flushcache (lib/iov_iter.c:266) [ 2253.759168][T18522] ? netdev_core_pick_tx (net/core/dev.c:4725) [ 2253.759312][T18522] ? packet_parse_headers (./include/linux/skbuff.h:3180 (discriminator 1) net/packet/af_packet.c:1938 (discriminator 1)) [ 2253.759466][T18522] ? sock_alloc_send_pskb (net/core/sock.c:2998) [ 2253.759612][T18522] packet_snd (net/packet/af_packet.c:3076 (discriminator 1)) [ 2253.759761][T18522] ? tpacket_snd (net/packet/af_packet.c:2940) [ 2253.759900][T18522] ? __might_fault (mm/memory.c:7129 (discriminator 4)) [ 2253.760043][T18522] ? find_held_lock (kernel/locking/lockdep.c:5350 (discriminator 1)) [ 2253.760188][T18522] ? __might_fault (mm/memory.c:7129 (discriminator 4)) [ 2253.760334][T18522] __sys_sendto (net/socket.c:721 (discriminator 1) net/socket.c:733 (discriminator 1) net/socket.c:2222 (discriminator 1)) [ 2253.760484][T18522] ? __ia32_sys_getpeername (net/socket.c:2189) [ 2253.760630][T18522] ? sock_ioctl (net/socket.c:1367) [ 2253.760779][T18522] ? __x64_sys_clock_gettime (kernel/time/posix-timers.c:1146 (discriminator 2) kernel/time/posix-timers.c:1134 (discriminator 2) kernel/time/posix-timers.c:1134 (discriminator 2)) [ 2253.760922][T18522] __x64_sys_sendto (net/socket.c:2229 (discriminator 1) net/socket.c:2225 (discriminator 1) net/socket.c:2225 (discriminator 1)) [ 2253.761065][T18522] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 2253.761209][T18522] ? do_syscall_64 (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 ./include/linux/entry-common.h:108 arch/x86/entry/syscall_64.c:90) [ 2253.761351][T18522] do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) [ 2253.761501][T18522] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131) [ 2253.761681][T18522] RIP: 0033:0x7f9cd3799c5e [ 2253.761832][T18522] Code: 4d 89 d8 e8 14 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa All code ======== 0: 4d 89 d8 mov %r11,%r8 3: e8 14 bd 00 00 call 0xbd1c 8: 4c 8b 5d f8 mov -0x8(%rbp),%r11 c: 41 8b 93 08 03 00 00 mov 0x308(%r11),%edx 13: 59 pop %rcx 14: 5e pop %rsi 15: 48 83 f8 fc cmp $0xfffffffffffffffc,%rax 19: 74 11 je 0x2c 1b: c9 leave 1c: c3 ret 1d: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 24: 48 8b 45 10 mov 0x10(%rbp),%rax 28: 0f 05 syscall 2a:* c9 leave <-- trapping instruction 2b: c3 ret 2c: 83 e2 39 and $0x39,%edx 2f: 83 fa 08 cmp $0x8,%edx 32: 75 e7 jne 0x1b 34: e8 13 ff ff ff call 0xffffffffffffff4c 39: 0f 1f 00 nopl (%rax) 3c: f3 0f 1e fa endbr64 Code starting with the faulting instruction =========================================== 0: c9 leave 1: c3 ret 2: 83 e2 39 and $0x39,%edx 5: 83 fa 08 cmp $0x8,%edx 8: 75 e7 jne 0xfffffffffffffff1 a: e8 13 ff ff ff call 0xffffffffffffff22 f: 0f 1f 00 nopl (%rax) 12: f3 0f 1e fa endbr64 [ 2253.762340][T18522] RSP: 002b:00007ffc3f212000 EFLAGS: 00000202 ORIG_RAX: 000000000000002c [ 2253.762567][T18522] RAX: ffffffffffffffda RBX: 0000563a143ea830 RCX: 00007f9cd3799c5e [ 2253.762786][T18522] RDX: 0000000000000064 RSI: 0000563a143eaac2 RDI: 0000000000000005 [ 2253.763003][T18522] RBP: 00007ffc3f212010 R08: 00007ffc3f212060 R09: 0000000000000014 [ 2253.763220][T18522] R10: 0000000000000000 R11: 0000000000000202 R12: 0000563a143eaac2 [ 2253.763439][T18522] R13: 0000000000000064 R14: 0000000000000005 R15: 0000563a073fa890 | [ 2254.072761][ C2] BUG: KASAN: slab-use-after-free in dst_dev_put (net/core/dst.c:146) | [ 2254.072906][ C2] Read of size 8 at addr ff1100000cdeb840 by task swapper/2/0 | [ 2254.073039][ C2] | [ 2254.073093][ C2] Tainted: [W]=WARN [ 2254.073094][ C2] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 2254.073096][ C2] Call Trace: [ 2254.073097][ C2] [ 2254.073099][ C2] dump_stack_lvl (lib/dump_stack.c:122) [ 2254.073105][ C2] print_address_description.constprop.0 (mm/kasan/report.c:379) [ 2254.073109][ C2] print_report (mm/kasan/report.c:483) [ 2254.073111][ C2] ? dst_dev_put (net/core/dst.c:146) [ 2254.073113][ C2] ? __virt_addr_valid (./include/linux/rcupdate.h:981 (discriminator 3) ./include/linux/mmzone.h:2197 (discriminator 3) arch/x86/mm/physaddr.c:54 (discriminator 3)) [ 2254.073117][ C2] ? dst_dev_put (net/core/dst.c:146) [ 2254.073119][ C2] kasan_report (mm/kasan/report.c:597) [ 2254.073122][ C2] ? dst_dev_put (net/core/dst.c:146) [ 2254.073125][ C2] dst_dev_put (net/core/dst.c:146) [ 2254.073127][ C2] rt_fibinfo_free_cpus.part.0 (net/ipv4/fib_semantics.c:196) [ 2254.073130][ C2] fib_nh_common_release (net/ipv4/fib_semantics.c:141 net/ipv4/fib_semantics.c:207) [ 2254.073132][ C2] free_fib_info_rcu (./include/net/nexthop.h:480 net/ipv4/fib_semantics.c:229) [ 2254.073134][ C2] ? rcu_do_batch (kernel/rcu/tree.c:2605) [ 2254.073138][ C2] rcu_do_batch (./include/linux/rcupdate.h:341 (discriminator 1) kernel/rcu/tree.c:2607 (discriminator 1)) [ 2254.073140][ C2] ? trace_rcu_batch_end (kernel/rcu/tree.c:2529) [ 2254.073143][ C2] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 33)) [ 2254.073146][ C2] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:470 (discriminator 6) kernel/locking/lockdep.c:4411 (discriminator 6)) [ 2254.073148][ C2] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 2254.073152][ C2] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) [ 2254.073154][ C2] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:152 (discriminator 3) kernel/locking/spinlock.c:194 (discriminator 3)) [ 2254.073156][ C2] rcu_core (kernel/rcu/tree.c:2859) [ 2254.073158][ C2] handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623) [ 2254.073161][ C2] ? tasklet_unlock_wait (kernel/softirq.c:580) [ 2254.073163][ C2] irq_exit_rcu (kernel/softirq.c:657 kernel/softirq.c:496 kernel/softirq.c:723 kernel/softirq.c:739) [ 2254.073165][ C2] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1056 (discriminator 47) arch/x86/kernel/apic/apic.c:1056 (discriminator 47)) [ 2254.073167][ C2] [ 2254.073167][ C2] [ 2254.073168][ C2] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697) [ 2254.073170][ C2] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82) [ 2254.073173][ C2] Code: 48 8b 3d c4 ac 71 02 e8 1f 00 00 00 48 2b 05 b8 22 9b 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 23 83 19 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01 All code ======== 0: 48 8b 3d c4 ac 71 02 mov 0x271acc4(%rip),%rdi # 0x271accb 7: e8 1f 00 00 00 call 0x2b c: 48 2b 05 b8 22 9b 00 sub 0x9b22b8(%rip),%rax # 0x9b22cb 13: c3 ret 14: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1b: f3 0f 1e fa endbr64 1f: eb 07 jmp 0x28 21: 0f 00 2d 23 83 19 00 verw 0x198323(%rip) # 0x19834b 28: fb sti 29: f4 hlt 2a:* c3 ret <-- trapping instruction 2b: 0f 1f 40 d6 nopl -0x2a(%rax) 2f: 48 83 ec 20 sub $0x20,%rsp 33: 8b 17 mov (%rdi),%edx 35: 49 89 f8 mov %rdi,%r8 38: 83 e2 fe and $0xfffffffe,%edx 3b: 41 89 d2 mov %edx,%r10d 3e: 0f .byte 0xf 3f: 01 .byte 0x1 Code starting with the faulting instruction =========================================== 0: c3 ret 1: 0f 1f 40 d6 nopl -0x2a(%rax) 5: 48 83 ec 20 sub $0x20,%rsp 9: 8b 17 mov (%rdi),%edx b: 49 89 f8 mov %rdi,%r8 e: 83 e2 fe and $0xfffffffe,%edx 11: 41 89 d2 mov %edx,%r10d 14: 0f .byte 0xf 15: 01 .byte 0x1 [ 2254.073175][ C2] RSP: 0018:ffa0000000147de8 EFLAGS: 00000296 [ 2254.073177][ C2] RAX: 00000000072c34ed RBX: ff11000001ada2c0 RCX: ffffffff92684c3f [ 2254.073178][ C2] RDX: ff11000001ada2c0 RSI: ffffffff9540ff26 RDI: ffffffff94e69f80 [ 2254.073179][ C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 2254.073180][ C2] R10: 0000000000000002 R11: 0000000000000001 R12: 1ff4000000028fc0 [ 2254.073181][ C2] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 [ 2254.073182][ C2] ? cpuidle_idle_call (kernel/sched/idle.c:192) [ 2254.073186][ C2] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 2254.073187][ C2] default_idle (./arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:767) [ 2254.073189][ C2] default_idle_call (./include/linux/cpuidle.h:143 (discriminator 1) kernel/sched/idle.c:123 (discriminator 1)) [ 2254.073190][ C2] cpuidle_idle_call (kernel/sched/idle.c:192) [ 2254.073192][ C2] ? arch_cpu_idle_exit+0x40/0x40 [ 2254.073193][ C2] ? mark_tsc_async_resets (arch/x86/kernel/tsc_sync.c:52) [ 2254.073196][ C2] do_idle (kernel/sched/idle.c:332) [ 2254.073198][ C2] cpu_startup_entry (kernel/sched/idle.c:429) [ 2254.073199][ C2] start_secondary (arch/x86/kernel/smpboot.c:200 (discriminator 16) arch/x86/kernel/smpboot.c:280 (discriminator 16)) [ 2254.073201][ C2] ? set_cpu_sibling_map (arch/x86/kernel/smpboot.c:230) [ 2254.073203][ C2] common_startup_64 (arch/x86/kernel/head_64.S:419) | [ 2254.086160][ C2] Disabling lock debugging due to kernel taint | [ 2254.086402][ C2] Oops: general protection fault, probably for non-canonical address 0xe052fc3620000007: 0000 [#1] SMP KASAN | [ 2254.086621][ C2] KASAN: maybe wild-memory-access in range [0x029801b100000038-0x029801b10000003f] | [ 2254.087041][ C2] Tainted: [B]=BAD_PAGE, [W]=WARN [ 2254.087130][ C2] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 [ 2254.087248][ C2] RIP: 0010:dst_dev_put (net/core/dst.c:149) [ 2254.087341][ C2] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2c 02 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 43 08 48 8d 78 38 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 d8 01 00 00 48 8b 40 38 48 85 c0 74 08 48 89 ee All code ======== 0: fc cld 1: ff lcall (bad) 2: df 48 c1 fisttps -0x3f(%rax) 5: ea (bad) 6: 03 80 3c 02 00 0f add 0xf00023c(%rax),%eax c: 85 2c 02 test %ebp,(%rdx,%rax,1) f: 00 00 add %al,(%rax) 11: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 18: fc ff df 1b: 48 8b 43 08 mov 0x8(%rbx),%rax 1f: 48 8d 78 38 lea 0x38(%rax),%rdi 23: 48 89 f9 mov %rdi,%rcx 26: 48 c1 e9 03 shr $0x3,%rcx 2a:* 80 3c 11 00 cmpb $0x0,(%rcx,%rdx,1) <-- trapping instruction 2e: 0f 85 d8 01 00 00 jne 0x20c 34: 48 8b 40 38 mov 0x38(%rax),%rax 38: 48 85 c0 test %rax,%rax 3b: 74 08 je 0x45 3d: 48 89 ee mov %rbp,%rsi Code starting with the faulting instruction =========================================== 0: 80 3c 11 00 cmpb $0x0,(%rcx,%rdx,1) 4: 0f 85 d8 01 00 00 jne 0x1e2 a: 48 8b 40 38 mov 0x38(%rax),%rax e: 48 85 c0 test %rax,%rax 11: 74 08 je 0x1b 13: 48 89 ee mov %rbp,%rsi [ 2254.087653][ C2] RSP: 0018:ffa0000000218d10 EFLAGS: 00010212 [ 2254.087767][ C2] RAX: 029801b100000000 RBX: ff1100000cdeb840 RCX: 0053003620000007 [ 2254.087897][ C2] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 029801b100000038 [ 2254.088074][ C2] RBP: ff1100000f83c9c8 R08: 0000000000000008 R09: fffffbfff2e4c2c4 [ 2254.088205][ C2] R10: fffffbfff2e4c2c5 R11: 0000000000000000 R12: 1fe2200002a7e68d [ 2254.088336][ C2] R13: 0000000000000003 R14: 0000000000000001 R15: ff110000153f3470 [ 2254.088549][ C2] FS: 0000000000000000(0000) GS:ff110000d510b000(0000) knlGS:0000000000000000 [ 2254.088747][ C2] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2254.088856][ C2] CR2: 00007fd039f5fdb4 CR3: 0000000052748005 CR4: 0000000000771ef0 [ 2254.088993][ C2] PKRU: 55555554 [ 2254.089137][ C2] Call Trace: [ 2254.089207][ C2] [ 2254.089253][ C2] rt_fibinfo_free_cpus.part.0 (net/ipv4/fib_semantics.c:196) [ 2254.089382][ C2] fib_nh_common_release (net/ipv4/fib_semantics.c:141 net/ipv4/fib_semantics.c:207) [ 2254.089472][ C2] free_fib_info_rcu (./include/net/nexthop.h:480 net/ipv4/fib_semantics.c:229) [ 2254.089566][ C2] ? rcu_do_batch (kernel/rcu/tree.c:2605) [ 2254.089653][ C2] rcu_do_batch (./include/linux/rcupdate.h:341 (discriminator 1) kernel/rcu/tree.c:2607 (discriminator 1)) [ 2254.089739][ C2] ? trace_rcu_batch_end (kernel/rcu/tree.c:2529) [ 2254.089828][ C2] ? trace_irq_enable.constprop.0 (./include/trace/events/preemptirq.h:40 (discriminator 33)) [ 2254.089979][ C2] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:470 (discriminator 6) kernel/locking/lockdep.c:4411 (discriminator 6)) [ 2254.090126][ C2] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 2254.090215][ C2] ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/irqflags.h:26 ./arch/x86/include/asm/irqflags.h:109 ./arch/x86/include/asm/irqflags.h:151 ./include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) [ 2254.090323][ C2] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:152 (discriminator 3) kernel/locking/spinlock.c:194 (discriminator 3)) [ 2254.090472][ C2] rcu_core (kernel/rcu/tree.c:2859) [ 2254.090540][ C2] handle_softirqs (./arch/x86/include/asm/jump_label.h:37 ./include/trace/events/irq.h:142 kernel/softirq.c:623) [ 2254.090629][ C2] ? tasklet_unlock_wait (kernel/softirq.c:580) [ 2254.090719][ C2] irq_exit_rcu (kernel/softirq.c:657 kernel/softirq.c:496 kernel/softirq.c:723 kernel/softirq.c:739) [ 2254.090785][ C2] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1056 (discriminator 47) arch/x86/kernel/apic/apic.c:1056 (discriminator 47)) [ 2254.090909][ C2] [ 2254.090957][ C2] [ 2254.091003][ C2] asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:697) [ 2254.091111][ C2] RIP: 0010:pv_native_safe_halt (arch/x86/kernel/paravirt.c:82) [ 2254.091205][ C2] Code: 48 8b 3d c4 ac 71 02 e8 1f 00 00 00 48 2b 05 b8 22 9b 00 c3 0f 1f 80 00 00 00 00 f3 0f 1e fa eb 07 0f 00 2d 23 83 19 00 fb f4 0f 1f 40 d6 48 83 ec 20 8b 17 49 89 f8 83 e2 fe 41 89 d2 0f 01 All code ======== 0: 48 8b 3d c4 ac 71 02 mov 0x271acc4(%rip),%rdi # 0x271accb 7: e8 1f 00 00 00 call 0x2b c: 48 2b 05 b8 22 9b 00 sub 0x9b22b8(%rip),%rax # 0x9b22cb 13: c3 ret 14: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 1b: f3 0f 1e fa endbr64 1f: eb 07 jmp 0x28 21: 0f 00 2d 23 83 19 00 verw 0x198323(%rip) # 0x19834b 28: fb sti 29: f4 hlt 2a:* c3 ret <-- trapping instruction 2b: 0f 1f 40 d6 nopl -0x2a(%rax) 2f: 48 83 ec 20 sub $0x20,%rsp 33: 8b 17 mov (%rdi),%edx 35: 49 89 f8 mov %rdi,%r8 38: 83 e2 fe and $0xfffffffe,%edx 3b: 41 89 d2 mov %edx,%r10d 3e: 0f .byte 0xf 3f: 01 .byte 0x1 Code starting with the faulting instruction =========================================== 0: c3 ret 1: 0f 1f 40 d6 nopl -0x2a(%rax) 5: 48 83 ec 20 sub $0x20,%rsp 9: 8b 17 mov (%rdi),%edx b: 49 89 f8 mov %rdi,%r8 e: 83 e2 fe and $0xfffffffe,%edx 11: 41 89 d2 mov %edx,%r10d 14: 0f .byte 0xf 15: 01 .byte 0x1 [ 2254.091548][ C2] RSP: 0018:ffa0000000147de8 EFLAGS: 00000296 [ 2254.091662][ C2] RAX: 00000000072c34ed RBX: ff11000001ada2c0 RCX: ffffffff92684c3f [ 2254.091831][ C2] RDX: ff11000001ada2c0 RSI: ffffffff9540ff26 RDI: ffffffff94e69f80 [ 2254.091999][ C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 2254.092207][ C2] R10: 0000000000000002 R11: 0000000000000001 R12: 1ff4000000028fc0 [ 2254.092375][ C2] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 [ 2254.092547][ C2] ? cpuidle_idle_call (kernel/sched/idle.c:192) [ 2254.092636][ C2] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473) [ 2254.092730][ C2] default_idle (./arch/x86/include/asm/paravirt.h:107 arch/x86/kernel/process.c:767) [ 2254.092795][ C2] default_idle_call (./include/linux/cpuidle.h:143 (discriminator 1) kernel/sched/idle.c:123 (discriminator 1)) [ 2254.092922][ C2] cpuidle_idle_call (kernel/sched/idle.c:192) [ 2254.093048][ C2] ? arch_cpu_idle_exit+0x40/0x40 [ 2254.093134][ C2] ? mark_tsc_async_resets (arch/x86/kernel/tsc_sync.c:52) [ 2254.093224][ C2] do_idle (kernel/sched/idle.c:332) [ 2254.093289][ C2] cpu_startup_entry (kernel/sched/idle.c:429) [ 2254.093414][ C2] start_secondary (arch/x86/kernel/smpboot.c:200 (discriminator 16) arch/x86/kernel/smpboot.c:280 (discriminator 16)) [ 2254.093500][ C2] ? set_cpu_sibling_map (arch/x86/kernel/smpboot.c:230) Finger prints: print_report:kasan_report:dst_dev_put:fib_nh_common_release:free_fib_info_rcu rcuref_put_slowpath:dst_release:rt_cache_route:__mkroute_output:ip_route_output_key_hash dst_dev_put:fib_nh_common_release:free_fib_info_rcu:rcu_do_batch:rcu_core